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Abstract. We consider the average-case complexity of some otherwise undecidable or open Dio- 
phantine problems. More precisely, we show that the following two problems can be solved in 
PSPACE: 

I. Given polynomials /i, . . . , f m G Z[x 1 , . . . , x n ] defining a variety of dimension < in C n , find 

all solutions in Z n of /i = ■ • ■ = / m = 0. 
II. For a given polynomial / £ Z[u, x, y] defining an irreducible nonsingular non-ruled surface in 

C 3 , decide the sentence 3v Wx 3y f(v, x, y) = 0, quantified over N. 
Better still, we show that the truth of the Generalized Riemann Hypothesis (GRH) implies 
that detecting roots in Q n for the polynomial systems in problem (I) can be done via a two-round 
Arthur-Merlin protocol, i.e., well within the second level of the polynomial hierarchy. (Problem 
(I) is, of course, undecidable without the dimension assumption.) The decidability of problem (II) 
was previously unknown. Along the way, we also prove new complexity and size bounds for solving 
polynomial systems over C and Z/pZ. A practical point of interest is that the aforementioned 
Diophantine problems should perhaps be avoided in the construction of crypto-systems. 



1. Introduction and Main Results 



The negative solution of Hilbert's Tenth Problem [Mat 70, Mat93] has all but dashed earlier 
hopes of solving large polynomial systems over the integers. However, an immediate positive 
consequence is the creation of a rich and diverse garden of hard problems with potential applications 
in complexity theory, cryptology, and logic. Even more compelling is the question of where the 
boundary to decidability lies. 

From high school algebra we know that detecting roots in Q (or Z or N) for polynomials in 
Z[xi] is tractable. However, in [Jon82], Jones showed that detecting roots in N 9 for polynomials in 



Z[xi, ... , xq] is already undecidable. Put another way, this means that detecting a positive integral 
point on a general algebraic hypersurface of (complex) dimension 8 is undecidable. 

It then comes as quite a shock that decades of number theory still haven't settled the complexity 
of the analogous question for algebraic varieties of dimension 1 through 7. In fact, even the case of 
plane curves remains a mystery :Q As of late 1998, the decidability of detecting a root in N 2 , Z 2 , or 
even Q 2 , for an arbitrary polynomial in Zfxi,^], is still completely open. 

1.1. Dimension Zero. We will thus go one dimension lower^] in order to prove a useful result. 
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Main Theorem 1. Suppose F :=(/i, . . . , f m ) is a system of polynomials in 7L\x\, . . . , x n ] and let 
Z be the zero set of F in C n . Assume further that dimZ<0. Then 

1. We can find all the roots of F in Z n within PSPACE. 

2. The truth of the Generalized Riemann Hypothesis implies that deciding ZnQ n = is in AM. 



Remark 1. Recall that NP UBPP C AM C RP NP ncoNP NP C n 2 C • • • C PH C PSPACE C 

EXPTIME [|BM88 , Pap95]. Also, it will later follow easily (cf. remark^) that the rational analogue 
of assertion (1) can be done within EXPTIME (or polynomial time for fixed n). 

While one can derive assertion (1) more or less directly (from, say, [ Ren87| 1 or [ BPR92| ), the 
explicit sequential and parallel complexity bounds we give in section || (cf. remark ^) are the best 
to date and do not follow from earlier work. Also, assertion (2) presents a new arithmetic analogue 
of a recent result of Koiran [ Koi9C ] stating that the truth of GRH implies that detecting a complex 
root can also be done within AM, with no restriction on dimZ. 



Remark 2. Deciding dim Z <0 can be done in PSPACE via another algorithm of Koiran [ Koi97 
In fact, the truth of GRH implies that this decision problem can be done within AM as well [Koi97 



Remark 3. If one fixes the monomial term structure of F and picks the coefficients randomly, 
then it follows easily from the theory of resultants [ GKZ94 , |5tu98 l that m>n ==>- F will have only 
finitely many roots in C n on average. This can be made completely explicit via, say, J. Schwartz' 



well-known result | Sch80 | on randomized verification of polynomial identities. 



Remark 4. We will use the classical Turing machine flPap95 ] as our computational model, along 
with the bit-wise (resp. sparse) encoding for rational numbers (resp. polynomials in Z[xi, . . . , x n ]) 
[BSS98], throughout. So, for example, the size of an integer c will be 1 + [~log 2 (|c| + 1)] . Also, all 
quantification symbols will be understood to range over the positive integers N. 

An interesting corollary of Main Theorem [l] is the following: 

Corollary 1. Following the notation of Main Theorem [7], assume n is fixed. Then we can find 
all the roots of F in 7U 1 within NC3. ■ 

For n = 1, this complements two older results: (a) the famous result of Lenstra, Lenstra, and 
Lovasz [LLL82] that all the rational roots of / can be found in polynomial sequential time, and 
(b) Neff 's result [|Nef94| 1 that the roots of / in C can be approximated (to some input precision) in 
NC3. We have thus obtained higher-dimensional Diophantine analogues of these results. 

The proof of Main Theorem |l| is based on the following number-theoretic result relating root- 
finding over the fields Q and TLjpTL. 

Main Theorem 2. Following the notation of Main Theorem^ let r be the number of roots of F 
in (Q) n counting multiplicities. Also define Np(x) to be the total number of roots of F in TLjpL, 
counting multiplicities, as p runs through all primes < x. Finally, let ir(x) denote the number of 
primes <x. Then the truth of GRH implies that 



N F (x) 



ir(x) 



< 



A 



[C F log x + M (E) (log x) 



where A is an effective and absolute constant, and Cf is a quantity polynomial in S{E) and the 
size of F . 
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This result may be of independent interest to number theorists, as well as complexity theorists 
and numerical analysts. We also note that while Main Theorem [2] deals with using reduction mod p 
to count roots over Q, other results, such as [ Koi96| , Thm. 8] and [ |Bur99 , Thm. 4.1], use reduction 



mod p to determine the existence of roots in C. Our techniques can be used to improve these latter 
results as well, and this will be pursued in a forthcoming paper. 

Remark 5. The main results we describe in the next two subsections are of a more technical nature, 
so the reader more interested in the conceptually simple AM algorithm above can skip directly to 
the beginning of section 

1.2. Dimensions One and Two. To reconsider the complexity of detecting integral points on 
varieties of dimension > 1, one can consider more subtle combinations of quantifiers to facilitate 
finding decisive results. For example, Matiyasevich and Julia Robinson have shown [MR74 , Jon81] 

that sentences of the form 3u 3v Vx 3y f(u, v, x,y) = are already undecidable. 

However, the decidability of sentences of the form 3v Vx 3y f(v,x,y) = was an open question 
until recently: in [ Roj99b(| it was shown that these sentences can be decided by a Turing machine, 



once the input / is suitably restricted. Roughly speaking, deciding the prefix 3V3 is equivalent to 
determining whether an algebraic surface has a slice (parallel to the (x, y)-plane) densely peppered 



with positive integral points. The "exceptional" / not covered by the algorithm of [Eloj99b] form 
a very slim subset of Z[v,x, y\. 

We will further improve this result by showing that under similarly mild input restrictions, 3V3 
can in fact be decided in singly exponential time and parallelized effectively. To make this more 
precise, let us write any f £Z[v,x,y] as f(v,x,y) = c a v ai x a2 y a3 , where the sum is over certain 
a:= (0,1,02,0,3) £Z 3 . We then define the support of / as Supp(f) := {a | c a ^0}. The Newton 
polytope of /, Newt(f), is then just the convex hullQ Conv(Supp(/)). When we say that a 
statement involving a set of parameters {ci,. . . ,cn} is true generically, we will mean that the 
statement holds for all (c\, . . . , cat) G C n outside of some a priori fixed algebraic hypersurface. 

Main Theorem 3. Fix the Newton polytope P of a polynomial f El,[v, x,y] and let p denote the 
projection mapping M 3 onto the (e%, e^)-plane. Suppose further that p(P) has at least one lattice 
point in its interior. Then, for a generic choice of coefficients depending only on P , we can decide 

3v Vx 3y f(v, x,y) = within PSPACE. 



The generic choice above is clarified further in section [|. In particular, we will see that the 
"average" polynomial in Z[v, x, y] with moderately large support defines an irreducible, nonsingular, 
non-ruled surface in C 3 . 

It is interesting to note that the exceptional case to our above algorithm judiciously contains 
an extremely hard number-theoretic problem: determining the existence of a point in N 2 on an 
algebraic plane curve. (Indeed, we will see later that Z[v, y] lies in our exceptional locus.) We 
also point out that the problem of computing the size of the largest positive integral point on an 
algebraic plane curve is closely related to determining whether an algebraic surface possesses any 



integral point: It was recently shown in [Roj99b| that under certain assumptions, the decidability 



of the latter problem implies the uncomputability of the former function. 

Aside from a geometric trick, the proof of Main Theorem 2 relies on essentially the same tools as 



the proof of Main Theorem 1: Both proofs make use of the toric resultant [GKZ94, Stu9S , Roj99c 
3 That is, the smallest convex set in M 3 containing Supp(/). 
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and a recent perturbation trick specifically tailored for degenerate sparse polynomial systems 
[Roj99c]. New complexity and size estimates on polynomial system solving over C form a cru- 



cial key step. We now describe these new bounds. 

1.3. New Bounds for Solving Over C. In order to rigourously state our results for polynomial 
system solving over C, we will introduce some necessary notation: First note that the notions of 
support and Newton polytope extends naturally to polynomials in 7L\x\, . . . , x n \. We then say that 
F is an m x n polynomial system with support contained in E, whenever F is as stated in 
Main Theorem 1, E = {E\, . . . ,E m ), and Supp(/j)C£'j for all i. 

An important geometric invariant for mxm systems of equations is A4 (E) — the mixed volume 
BZ8|, |GK94| , [E09l]l , |Ewa96| , pGH98| 1 of the convex hulls oiEx,... ,E m . A trick we will use to solve 



general m x n systems (when m>n) is to include additional points in the E% so that Ai(E) >0. 

For {m + 1) X m systems we will instead let E := (E\, . . . , E m ) and E := (Ex, . . . , E m+ i). We 
also point out the following two important complexity-theoretic parameters: 

Definition 1. For any (m+l)-tuple E of 'finite subsets of1> m , define R(E) '=^^I^i A4(E\, . . . , Ei, . . . , E m+ i) 
and let S(E) = 0(y/me m M. l g e ), where A4^ e is the average value of M{£) as £ ranges over all m- 
tuples (fi,... , £ m ) with £i 6 {E±, . . . , E m+ \} for all i. 

While the precise definition of S(E) depends on the efficiency of a particular class of algorithms 



described in [Roj99c], the preceding asymptotic bound will suffice for our purposes. 



Remark 6. An important extreme class of F is the dense case: This occurs when, for all i, all 
monomial terms up to some fixed degree occur in /j. In this case, the best known complexity bounds 
for existential quantifier elimination over C are polynomial in Z?n and ^ Ds n + 1 j , where D\j and Dy, 
are respectively the product and sum of the total degrees of the fi [ |CKL89 , Ier89 , FGM90, Roj99c]. 



Remark 7. Our complexity and size bounds will instead be polynomial in the invariants M(E), 
R(E), and S(E). In particular, we point out that M(E) < R(E) < S(E). Furthermore, M(E) < D n , 
R(E) <(n+ 1)D U , and S(E)<( + 1 \ < ( £ ^ £ ) n , with equality if the Newton polytopes are the 
same as those of the dense case. Even better, for sparse polynomial systems, our invariants are 
usually dramatically smaller than thes last three upper limits (cf. example^). 

To bound the size of the roots of very general polynomial systems, we will need one final invariant. 

Definition 2. Following the notation of definition^ let c, fceN and define 

H(c,k,E):=2^) (2m>M(E?) mM(E) (cVkY^'^ . 



Let A :=Conv({0, ei, . . . , e m }), where OGl m denotes the origin and ej Sl m is the i— standard 
basis vector. In what follows, 0*(T) means C(Tlog r T) for some constant r>0. 

Main Theorem 4. Following the notation and hypotheses of Main Theorem 1, suppose further 
that m>n, every /j has at most k monomial terms, and that all the coefficients of F have absolute 
value < c. Also, for all i £ {1, . . . , m} define Ei to be the union of {O, e^} and the support of /j. 
Finally, let E rn+ \ = AnZ m . Then we can find univariate polynomials h,hi,... ,h n GZ[t] with the 
following properties: 

0. The degrees of h,h±, . . . ,h n are bounded above by A4(E). 
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1. Given any root 9 EC of h, define "f(0) := (hi(9), .. . ,h n (9)). Then the set of points {'j(8)}h(6)=o 
contains all the roots of F in C n . 

2. The coefficients of h have absolute value bounded above by H(c, k, E) 

In particular, the size of the coefficients of h is polynomial in S{E) and hp, where Lp de- 
notes the size of F. Furthermore, h,h\,... ,h n can be found deterministically within sequen- 
tial time 0%nm 3 M(EfS(E) 2 - 376 mm{R(E)_ 2 ,S(E)}L F ), or parallel time 0(log{S(E)L F }) us- 
ing 0*(nm 3 M(E) 3 S(E) 2 ' 37 ® mm{R(E) 2 , S(E)}) proc- essors. In particular, h,h\,... ,h n can be 
found in NC when n is fixed. 



Remark 8. Choosing extra points to add to Supp(i ? ) (and the choice of Newton polytope for f m +l) 
can be optimized for a given monomial term structure without too much difficulty (see [jRoj99c , 
remark 2]). 

The complexity bounds above are the best deterministic bounds to date for general^ univariate 
reduction over C. In particular, our bounds work for over-determined systems of equations and 
are much more sensitive to the sparse encoding of the input than earlier bounds (cf . example |2|) . 



For instance, our bounds above considerably improve those of [ ler8£ , FGM90 |, which were stated 



solely in terms of the degrees of the input polyno mials.^ Furthermore, the exponents above can be 



significantly lowered if randomization is allowed [ Roj99c 



As an almost immediate corollary, we obtain new and extremely general bounds on the size of 
the roots of F: 

Main Theorem 5. Following the notation and hypotheses of Main Theorems^ and\^, let (xi, . . . ,x n ) 
C be any root of F, fix any j E {1, . . . ,n}, and now let E m+ % be the line segment from the origin 
O to ij . Then either Xj = or H(c, k, E)~ l < \xj \ < H(c, k, E) . In particular, the size of the roots 
of F is polynomial in S(E) and the size of F. 

The above gap theorem generalizes earlier bounds due to Malajovich-Muhoz |Mal94| and Canny 
[Can87]. In particular, while our bound is a bit coarser in the dense case, it is significantly better 



for certain sparse systems (cf. example |2|). Furthermore, earlier bounds assumed m = n and made 
various other nondegeneracy assumptions — such as no multiple roots — even in the case m = n = 1. 

Main Theorems [j], ||, and [5| are respectively proved in sections [3l ||, p| and [6|. Section |6| also 
contains the proof of Main Theorem ||. However, we will first give some examples before starting 
our main proofs. 

2. Algorithmic Examples 

We begin with a brief illustration and synopsis of the algorithm from Main Theorem ^. We then 
conclude with an example of the benefits of the sensitivity to sparsity (or "monomial sensitivity" ) 
in our complexity and size bounds. 

Further details on the univariate reduction algorithm below appear in section ||, and the case 
m = n is described at length in [Roj99c]. 



Example 1. (m = n = 2) 

Consider the bivariate polynomial system F = (1 + 2x — 2x 2 y — 5xy + x 2 + 3x 3 y, 



4 



The algorithm ab ove can easily be generalized to the case dim Z > 1 without changing the complexity bounds, 



via the techniques of [Roj99c 



3 We point out, however, that these papers deal with a more general problem than Main Theorem 
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2 + 6x — 6x 2 y — llxy + Ax 2 + 5x 3 y). Letting E be the support of F , the reader can easily verify 
that O G E\ n Ei, Ai(E) = 4, and that the only roots of F are the points {(1, 1), (j, |)} and the 
line {— 1} x C. So this example illustrates a slightly more general situation than our dimZ = 
restriction. 

We now highlight the main points of our algorithm: First, via combinatorial means [EC95], we 
construct a toric resultant matrix, M%. The entries of this sparse and highly- structured matrix 
(of size S{E) x S{E)) will be the coefficients of F, as well as a few extra parameters. 

The coefficients of the polynomials h, h\ , hi are found by solving a collection of linear systems 
of equations. The coefficients for these systems are in turn derived from the computation of de- 
terminants of various specializations of Mg . The number of linear systems and determinants, as 
well as their sizes, accounts for the complexity bound of Main Theorem Note in particular that 
R{E) = 4 + 4 + 4 = 12 and that S(E) can be taken to be 17 in the case at hand. (The corresponding 
matrix Mg appears explicitly in jRoj99cj ] .) 

After an application of Maple, one at last obtains that 

h{t) = -153 + 120£ + 1540t 2 + 1600t 3 + 448£ 4 , 

h (+\ — H762 i 19150 + i 114736 +2 _i_7264+3 „„ J h n (i\ — 5881 i 32108+ i 57368+2 i 3632+3 
'HW — 75H 22533 ^ 22533 1 3219 1 ' U,tU "2W — 7511 ^ 22533 L T 22533 L "•" 3219 L ' 

Since h(t) factors as 

(2t + 3)(28t + 51)(2i + l)(4t - 1), 

we immediately obtain a set of points lying in Z (including all the isolated roots) by substituting 
i~ I' — H' — 5' li * n *° the pair (hi(t) , h,2(t)) . Note also that the roots of h are exactly — ^Ci — (2, 
as (Ci)C2) ranges over a finite set of roots of F, at least one in each irreducible component of Z . 

Our next example shows how older complexity and size bounds (which were stated solely in 
terms of degrees of polynomials) may be too pessimistic for certain sparse systems. 

Example 2. (Well Directed Spikes) Consider the system of equations F defined by 

oi,l + 01,2^1 H H oi jn x n _i 

+ci )1 (xi • • • x n ) H h c 1)d (xi ■ ■ ■ x n ) d = 



a. 



1,1 + On, 2^1 + • • • + a n ^ n X n -i 



+Cn,l(xi ■ ■ ■ X n ) H h Cn,d{xi ■ ■ ■ X n ) d = 0. 

In this case, the Newton polytopes are all equal to a single "spike" and we can actually pick the 
Newton polytope of f n +i to be Conv({0, ei, . . . ,e n _i,^ej}). So via the basic properties of the 
mixed volume, it is a routine exercise to check that Ai(E) =d and R(E) = (n + l)d. Furthermore, 
note that our example is equivalent (via the change of coordinates y = {x\, . . . , x n —\, x\ ■ ■ ■ x n ) ) to a 



system of total degree 1 in y\, . . . , y n -i and of degree d in y n . It then follows from [ GKZ94 , Flo j 99c 



that we can build a sufficiently compact resultant matrix so that S(E) =R(E). Main Theorem 



6 For n — 2, there is the simple formula M{E) = 
Area(Conv(_Ei + E2)) — Area(Conv(Bi)) — Area(Conv(i?2))- Also, both polynomials are divisible by x + 1. 
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thus tells us that we can reduce solving F to a univariate problem within deterministic sequential 
timeO*(n 7 - 376 d 6 - 376 ). 

Let us now see how previous methods fare on our sparse example. Remark tells us that older 
algorithms took sequential time polynomial in Z?n and a rather large binomial coefficient. These 
two parameters respectively reduce to n n d n and Q(n n (^) n ) (by Stirling's estimate). So our methods 
clearly exploit sparsity to much greater advantage. 

As for root size bounds, the best previous bound for dense systems of identical degrees [ |Can87| 
specializes to (3cdn) rf " n " +1 . Roughly speaking, this means that this older bound needs 0{bd n n n+l ) 
bits to specify the size of the roots of F , assuming the coefficients of F used b bits to start with. On 
the other hand, our new bound from Main Theorem^ tells us that we need only 0(nd(b + log(nd)) 
bits. So it appears that sparsity is also quite helpful for root size bounds. 

Generating infinite families of such examples is easy, simply by picking Newton polytopes which 
are n- dimensional, but "long" in a suitable fixed direction. 

3. The Proof of Main Theorem |l| 

We will first present a proof of assertion (2), since the corresponding algorithm is much simpler 
than our more intricate PSPACE algorithm. 
Proof of Assertion (2): Consider the following algorithm: 

Step 1 Pick positive integers s and t as follows: Let t be just large enough so that 

^[C F logt + M(E)(logtf}<± 

and t > 4nAi(E). Then define s to be just small enough so that - > ^p. 
Step 2 Pick a (uniformly) random integer in j £ {1, . . . , [-] — 1} and define Xj and Xj+i to be js and 

(j + l)s respectively. (If j + 1= [~|] then define Xj + \ :=t + 1.) 
Step 3 Via an NP oracle, find if there is a prime p£ [xj,Xj+i) such that F has a solution in Z/pZ. 
Step 4 If such a prime exists, conclude that F has a root in Q n . Otherwise, declare that there is no 

root in Q n . 

This algorithm clearly at least resembles a two-round Arthur-Merlin protocol, so let us confirm its 
correctness. 

First note if F has a root in Q n , then F has a root in Z/pZ for all but finitely many primes p. 
(The exceptional primes must divide the denominator of some coordinate of a rational root of F, 
so there can be at most nAi(E) such primes.) So in this case, by our choice of t, F will have a 
root in Z/pZ for more than | of the primes pE [l,t + 1)- So, by our choice of s, our algorithm has 
a probability greater than | of succeeding in this case. The role of the size of s is detailed further 
in the next case: 

Suppose now that F has no roots in Q n . Call a prime for which F has a root in Z/pZ a bad 
prime. Then by Main Theorem || and our choice of t, strictly less than \ of the primes pE [1, t + 1) 
are bad. Also, by the box-principle, the probability that the interval [xj,Xj + i) contains a bad prime 
is less than -r (thanks to our choice of s). So the probability of failure in this case is strictly less 
than |. 

To conclude, recall that log S(E) is polynomial in the size of F. So the number of bits necessary to 
express any prime above is polynomial in the size of F. Also note that assuming GRH, ir(x) (which 



is asymptotic to [Wei84]) can be approximated within a factor of 1 + e in time polynomial in 
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~ and the size of x [|L077| . (Furthermore, we can certainly compute an integer at least as large as 
S(E) in polynomial time via remark [7|.) Thus, the time needed to compute {xj, xj + i}, the number 
of necessary random bits, and the number of bits of any integer in [xj, Xj+i), are all polynomial in 
the size of F. 

Finally, via |Mil75 l, the truth of GRH implies that an integer [xj,Xj + \) can be verified to be 



a prime in polynomial time. So via [|Coh93 l, a putative root of F mod p can indeed be verified in 



polynomial time. So we indeed need only one call to an NP oracle. Our algorithm is thus indeed 
an AM algorithm. ■ 

Proof of Assertion (1): First note that if m < n then ==>- a\\mZ> 1, by the well-known 

facts on intersections of complex hypersurfaces | Mum95(| . So we can safely assume that m>n. 



Following the notation of the proof of Main Theorem ||], now pick f m +\ = uq + U{X{ and run the 
algorithm from Main Theorem ^| (cf. remark 15) to solve for the i— coordinates of all the roots of 
F within accuracy \. By Main Theorem |], and combining with Neff 's algorithm for NC univariate 



solving over C [Nef94], this computation can be done for all i£ {1, ... , n} within PSPACE. (Note 
that we are implicitly using the fact that polynomial parallel time with singly exponentially work 
is in PSPACE TPap95| , pg. 398].) 



By taking combinations of the coordinates thus found, we obtain a set RcC n of at most A4(E) n 
putative approximate solutions of F. In particular, by the choice of accuracy we've made, the 
integral roots of F are contained in the set R' := {([xi], • • • , [x n ]) \ ■ ■ ■ ,x n ) G T}, where [a;] 
denotes the nearest integer to x. The integral roots of F then certainly lie in R' . They can then 
be identified within PSPACE, using the most naive parallel algorithm for polynomial evaluation, 
devoting at worst polynomially many processors to each element of R '. The quantity M(E) is at 
worst singly exponential in the coordinates of the E{ (cf. remark [?]), so we are done. ■ 

Remark 9. A more precise complexity bound for algorithm above is the following: 

0*(n 2 m 3 M(E) 3 S(E) 2 - 376 mm{R(E) 2 , S{E)}L F ) 

sequential time (via fast approximate univariate factorization overC |BP94|] ^ or O* (log 3 {S(E)Lp}) 
parallel time using 0*(nm 3 Ai(E) 3 S(E) 237& mm{R(E) 2 , S(E)}) processors. (So we obtain NC3 for 
fixed n.) Furthermore, it easy to see that we can substitute the factoring algorithm of [LLL82], in 
place of Neff 's algorithm, to find all the roots of F in Q n with EXPTIME. For fixed n this clearly 
reduces to polynomial time. 

Remark 10. Presumably, Main Theorem || continues to hold under the weaker condition that the 
real dimension of Z is at most zero. One route of proof is an extension of Main Theorem ^ to the 
real isolated roots of F, and this will be pursued in later work. 

4. Genus Zero Varieties and the Proof of Main Theorem || 
In what follows, we will make use of some basic algebraic geometry. A more precise description 



arithmetic) genus for algebraic varieties [Har77]. 



of the tools we use can be found in [Roj99b|. Also, we will always use geometric (as opposed to 



Let us begin by clarifying the genericity condition of Main Theorem y. Let Z be the zero set of /. 
What we will actually require of / (in addition to the assumptions on its Newton polytope) is that 
Z be an irreducible nonsingular surface of positive genus. That Z is irreducible and nonsingular for 
a generic choice of coefficients follows from Bertini's theorem [ |Mum95| . That Z also has positive 
genus generically follows from a result of Khovanskii [Kho78]. (His result actually implies that 
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for generic coefficients and generic Vq, f(vo,x,y,) = defines a curve of positive genus. It is then 
impossible for Z to generically have genus zero.) Since the intersection of any two open Zariski- 
dense sets is open and dense, we indeed have that our hypothesis occurs generically. 

Now note that from the classification of algebraic surfaces [ Bca96| ], Z has positive genus ==>- Z 



is non-ruled. In particular, this means that there can only be finitely many vq such that the "slice" 
Z n {v = vq} contains a curve of genus zero. (By the nonsingularity of Z and Bertini's theorem 
again.) Note that by Siegel's Theorem [ Sil99| , 3y f(vo,x,y) = Z n {v = vq} contains a 



curve of genus zero. So assuming one can decide the prefix V3, finding genus zero slices for the 
large family of / above gives us a way to decide the prefix 3V3. 

The preceding assumption is true, in spades, thanks to the following result: 



The JST Theorem. [Jon81, Sch82, [Tun87 ] The quantifier prefix V3 is decidable in sequential 



time polynomial in deg/ and singly exponential in the size of f . More explicitly, given f £l*[x,y], 
we have that Vx By f(x,y) = iff all of the following conditions hold: 

1. The polynomial f factors into the form fo{x,y)Y[i=i(y ~ fi{ x )) where fo(x,y) G Q[x, y] has 
no zeroes in the ring Q[x], and for all i, fi£Q[x] and the leading coefficient of fi is positive. 

2. Vx G {1, . . . , xo} By G N such that f(x, y) = 0, where xq = max{si, . . . , Sk}, and for all i, Sj is 
the sum of the squares of the coefficients of fi . 

3. Let a be the least positive integer such that afi, ■ ■ ■ , afk G Z[x] and set g% := afi for all i. 
Then the union of the solutions of the following k congruences 

gi(x) = mod a 
9k(x) = mod a 

is all o/Z/aZ. ■ 

Remark 11. The JST Theorem can be strengthened slightly in the following way: one can replace 
a in condition (3) with any positive integer a' such that a'fi, . . . , a'fk £Z[i]. Also, the techniques 
of |Coh93 l can easily support the stated complexity bound. 



Proof of Main Theorem ra: It follows easily from the Hurwitz genus formula for curves [3il95] 



that Vx By f(vo,x, y) = =>- Z n {v = vq} defines a curve with a singular component. The set of 
such uoGC is of course finite (by Bertini's theorem again), since Z was assumed to be nonsingular. 

So our algorithm is the following: Find those t>oGN for which ZD {^ = ^0} is singular, and then 
solve the corresponding instances of V3. If any instance is true, then our original sentence was true. 
Otherwise, our original sentence was false. 

Finding this set of vq is easily done within polynomial sequential time using the Jacobian criterion 



for singularity [ Mum95 |: simply find those positive integers vq for which the system of equations 
(f(vQ,x, y), ®£i^£i>yl ; df( y o^ x ,y) ^ ^ as a som tion (x, y] G C 2 . This can be done easily via Main Theorem 
||. In particular, the number of eligible vq is polynomial in the degree of /. (Polynomial in Vol(P) 
in fact). Furthermore, we can simply solve to within accuracy ^ to isolate the uoGN (if any). 

To conclude, we simply note that the only part of the JST theorem which can not be implemented 
in polynomial sequential time, via the results we've introduced and quoted so far, is part (2). For 
this part we then simply use (singly) exponentially many processors (one for each xG {!,... ,xq}) 
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to finish in constant additional time. Since P (and constant parallel time with singly exponential 
work) is contained in PSPACE ||Pap95| , pg. 398], we are done. B 



Remark 12. Although a result weaker than Main Theorem would have sufficed, an immediate 
corollary of our proof is that the parallel time sufficient to decide 3V3 is near-heptic in the volume 
of the Newton poly tope P. 



Remark 13. Note that if f £ Z[v,y] then Z is a ruled surface in C 3 . From another point of 
view, the hypothesis of Main Theorem [| is violated since p(P) is contained in a line segment. 
Deciding 3V3 for this case then reduces to deciding 33, which we've already observed is very hard. 



Nevertheless, Alan Baker has conjectured that this problem is decidable [Jon81, section 5] 



Remark 14. The complexity of deciding whether a given surface is ruled is an open problem. 
(Although one can check certain instances in PSPACE, as described above.) It is also interesting 
to note that finding explicit parametrizations of rational surfaces (a special class of ruled surfaces) 
appears to be decidable. Evidence is provided by an algorithm of Josef Schicho which, while still 
lacking a termination proof, seems to work well in practice [tSch98] 1 . 



5. Determinants Galore and the Proof of Main Theorem [| 

Let us first concentrate on an important special case. 
The Case m = n: This special case of our result, save for the parallel time and coefficient bounds, 
reduces to Main Theorem 1 of [ |Roj99c |. Note in particular that the sequential time bound for 
this case simplifies to 0*(n 4 M(E) 3 S(E) 2 - 37e mm{R(E) 2 , S(E)}L F ). There is also the issue of 



converting arithmetic cost to bit cost, so this is how the factor of Lp (not present in [R,oj99c|) 
appears here. We will soon see that the structure of our algorithm permits a relatively simple 



conversion between these two different costs via, say, the techniques of [BP94]. 

We will now prove the parallel complexity bound, illustrating our algorithm along the way. What 



we will describe is essentially an outline of an algorithm detailed further in [Ftoj99c 



Step Compute the toric resultant matrix Mg corresponding to the support E. 

Step 1 Upon suitably specializing ui,... ,u m to generic integers, and picking a generic polynomial 

system F* with support contained in E, define-] H(s, uq) to be detMg. 
Step 2 Let h(t) be the coefficient of the term of 7i{s,t) of lowest degree in s. 

Step 3 Compute hi,... , h n by a slightly more complicated combination of interpolation and special- 
ized determinants. 

(The toric resultant Res*(-) appears as follows: detMg is actually a multiple of Resg(-) evaluated 
at the polynomial system (F, f m +i), where f m+ i = UQ + uixi + • • • + u m x m .) 

Step (0) is a preprocessing step with complexity dominated by the remainder of our algorithm. 
The proof follows easily from the theory of [GKZ94, EC95| (via the Cayley trick, the well-known 
algorithms for simplicial subdivisions [PS85|, and the mixed-subdivision algorithm for computing 
Mg), but would be too great a digression to include in this abstract. So we consider our remaining 
steps. 



7 In realit y, TL wil l be a divisor of a variant of this determinant. This accounts for the copious amount of interpolation 
below. See [R,oj99c] for further details. 
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The determination of a generic F* in Step (1) can be done in work well-dominated by the 
remainder of our algorithm, by Main Theorem 3 of [|Roj99c |, (The parallelization of finding F* is 
quite straightforward.) 

As for the rest of Steps (1) and (2), a lucky choice of u\, . . . ,u n , would reduce our work to 
evaluating 0(nM(E) mm{R(E) 2 , S (E)}) determinants of size (D*(S(E)) x 0*(S(E)) and one eval- 
uation/interpolation problem of size 0*(S(E)). In the absence of such luck, one can instead be de- 
terministic and evalute 0*(n 3 A4(E) s mm{R(E) 2 , S(E)}) such determimants and solve O* (Ai(E) 2 ) 
such interpolation problems. (Via a technique of Roj99cj , section 5.2], this results in a choice of u\ 
with absolute values at most 0{2 n n 2n M.(E) 2n ).) In particular, it easily follows from recent par- 
allel matrix algorithms, e.g., |BP94|| , that Steps (1) and (2) take overall (arithmetic) parallel time 
0{\ogS(E)) using Q *(n 3 M(E) 3 S(E) 2 - 376 min{i?(ij;) 2 , S(E)}) processors. In terms of the Turing 
(bit) model, [|BP94| (and the structure of our algorithm) tells us that we need only include an 
additional factor of Lp. So the overall parallel time is 0(log{S(E)LF}) with the same number of 
processors. 

By [Roj99c] it then follows that Step (3) amounts to n repetitions of what we just did for Step 
(2), and this work can be done in parallel. We thus at last arrive at a parallel complexity bound of 
0{\og{S{E)L F }) time using C>*(ra 4 .M(£) 3 S(£) 2 - 376 mm{R(E) 2 , S(E)}) processors. 

We now analyze the size of the coefficients of h. Here, we will consider a fundamental special 
case. The proof of the general case follows easily from the special case via known bounds on the 
coefficients of factors of multivariate polynomials, e.g., [Mig92|. 

So let us make the following assumption: the determinant of Mg does not vanish identically.^] 
In which case, it indeed suffices to define H(s,uq) as detMg itself. 

By construction, there will be exactly M{E) rows of Mg involving coefficients of f m +\ and 
exactly S{E) — M(E) rows involving the parameter s. Furthermore, the coefficients of F* can 
all be assumed to be 1, by Main Theorem 3 of Roj99c ]. So by expanding TC(s,uq) in terms of 
minors, and using Hadamard's inequality [ |Mig92| , it easily follows that the coefficient of t % in h{t) 

has absolute value at most ( M W ) (2n 2 M{E) 2 ) nM{E) (cVkY^ ~ M{E \ s by Stirling's formula 



we can conclude the case m = n. 



Remark 15. The main trick in the above algorithm is to use a generic linear form to project the 
roots of F onto C. This is done so as to leave the underlying coordinate rings isomorphic over Q. 
This motivated our choice of f m +l above. In particular, the roots of h are exactly the image of the 
roots of F under the chosen linear form. However, this technique is quite general and other choices 
of fm+i o,re possible and quite useful. For instance, picking f m +i = uo + u i%i amounts to projecting 
the roots onto the Xi-axis. 

The case m>n: We first note that the zero set of F, now considered as an m x m polynomial 
system, consists of a set of disjoint linear subvarieties. Under the natural embedding of C n w C m 
(into the first n coordinates), these linear subspaces intersect C n precisely in the roots of F. Fur- 
thermore, these linear subspaces never intersect within the toric compactification T corresponding 
to the polytope Conv(-Ei). In particular, there is a one to one correspondence between these 

linear subspaces of T and the points of Z. 



8 This assumption can be removed at the price of an additional evaluation/interpolation step. The details will be 
covered in the full version of this paper. 
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To solve F, it thus suffices to find a point in every irreducible component of the zero set of F 
in T, and then project these points onto C n . Main Theorem 1 of [Roj99c] can do exactly this for 



us. As for the complexity and coefficient analysis, this proceeds almost the same as the case m = n 
solved above. The only exception is that we will need only n of the polynomials hi,... , h m . Our 
complexity and size bounds then follow immediately from the m = n case. ■ 

6. Coefficient Bounds and Prime Distribution: Proving Main Theorem |5] and Main 

Theorem || 

Proof of Main Theorem The bounds on the coefficients of h derived in the proof of Main 
Theorem || (which are more precise than those stated in the theorem itself) are general enough 
that we can vary ui,... ,u n to our advantage. In particular, setting all Uj to except for Uj, we 
obtain that any i— coordinate of a root of F must be a root of h. By [Mig92, theorem 4.2, (viii)], 
our root size bound then follows immediately. ■ 

Proof of Main Theorem By Main Theorem |] (see also remark ^), we obtain a polynomial 
h with the following properties: (a) degh < A4(E), (b) the coefficients of h are integers of size 
polynomial in S(E) and the size of F, and (c) F has a rational root iff h has a rational root. 
Main Theorem ^ then follows immediately from the main theorem of [Wei84], which is essentially 



just a univariate version of Main Theorem |2[ In particular, our A is the same A as that of 
Weinberger, and the quantity Cf is just the logarithm of the discriminant of h. By Main Theorem 
[| (and an application of the Jacobian), Cp has size polynomial in S(E) and the size of F. ■ 
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